OT Detection Engineer

• Develop validate tune and optimise network sensor detection logic specific to OT environments.
• Integrate network telemetry into SIEM and SOAR platforms.
• Support client facing teams in network sensor deployments and configuration baselines.
• Write and maintain detection tests cases.
• Review findings of TI CERT and Red Team activities and evaluate from a detection engineering improvement perspective.

Key Responsibilities

• Researching data sets and potential IOCs for distribution.
• Running tools/techniques to get data.
• Researching log sources and data sets.
• Writing rules and alert logic.
• Writing test processes and procedures for the logic.
• Monitoring test output and bug fixing.
• Monitoring the system & data health.
• Add global filters to detection logic based on operational feedback.
• Deploy new analytics to existing customers using our deployment pipeline(s).
• Ensuring work is up-to-date or tracked.

Skills Knowledge & Expertise

• Proven experience with and understanding of industrial environments and protocols (such as but not excluded to: Modbus S7Comm S7Comm Bacnet Profinet DNP3 OPC MQTT).
• Proven experience and general understanding of detection engineering tuning and optimization of detection logic with Suricata Zeek or vendor platforms (such as Dragos Nozomi Claroty Armis or Darktrace).
• Proven experience in SOC or Managed Detection Services

• Proven experience in Analytically-minded IT Systems administration/Network Administration and looking for a change in career/focus on Security
• Excellent oral and written communication skills in English
• Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver
• Good understanding of IT Systems and platforms from a security context
  
  Desired Requirements:
  
  
• A security mindset and demonstrable experience or knowledge of the contemporary attack tactics and techniques specific for OT environments.
• Forensics or Incident Response competency would be considered valuable.
• Strong knowledge of the latest threats in security or is eager to build this knowledge.
• Experience with simulating attacks. Certificates such as CEH and OSCP are not required but are a plus.
• Experience with network detection tools preferably Zeek Suricata Nozomi Claroty Armis or Dragos.
• Experience with Scripting languages such as PowerShell Python Bash.
• Experience with version control (Git Azure Dev Ops etc.).

• Networking fundamentals.
• ICS/SCADA

Job Benefits

• Flexible Working: Balance your work and personal life with our flexible working options.
• Generous Holiday Allowance: Enjoy 25 days of holiday plus bank holidays with the option to buy up to 5 additional days of annual leave.
• Medicash & Critical Illness Scheme
• Financial & Investment Benefits: Enjoy peace of mind with our Pension Life Assurance and Share Save Scheme.
• Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
• Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
• Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
• Special Time Off: Take time off for those big moments in life like getting married/entering into a civil partnership becoming a grandparent and welcoming home a new pet.
• Family Planning: Benefit from our generous maternity and paternity leave as well as time off and support for those undergoing fertility treatments.